Search
Free Cyber Assessment

Black Kite Unveils Vulnerability Intelligence Briefs to Provide Visibility Into Third-Party Vulnerability Risks

CISOs and third-party risk managers now have visibility of vulnerabilities within their third-party cyber ecosystems to prioritize relevance and engage vendors to mitigate risks

Boston, MA – April 29, 2025

Black Kite, the leader in third-party cyber risk intelligence, today introduced Vulnerability Intelligence Briefs (VIB). This groundbreaking solution goes beyond cataloging Common Vulnerabilities and Exposures (CVEs) by providing visibility into third-party risks, enabling security professionals to discover a vulnerability’s severity, exploitability, and exposure.

An organization’s third-party vulnerabilities are its greatest risk exposure, exacerbating challenges faced by security teams that frequently rely on traditional vulnerability management solutions focused on internal systems. As a result, they are operating with a critical blind spot in the security posture of vendors and partners. This gap creates a significant risk, as a single unpatched vulnerability in a third-party system can trigger a cascading impact across an entire organization.

“As more organizations turn to third-party vendors, open-source components, and cloud services, in today’s environment, they cannot afford to rely on a traditional vulnerability management mindset,” said Chuck Schauber, Chief Product Officer at Black Kite. “Third-party risks are increasing, with vulnerabilities fast becoming a third-party risk management issue. With the release of Black Kite VIB, we are providing a solution that has the actionable intelligence and tools needed so that organizations can move from reactive patching to a strategic ecosystem defense. Without doubt, this launch represents a new era where managing vulnerability risks in third-parties is not only possible but now is a critical part of third-party cyber risk management.”

According to Black Kite’s recently released 2025 Supply Chain Vulnerability Report: Navigating a New Era of Managing Vulnerability Risk in Third Parties, 2024 marked a sharp increase in published vulnerabilities, with over 40,000 CVEs disclosed, representing a 38% year-over-year increase. Many of these exploited vulnerabilities were found in widely used third-party software rather than internally developed applications, with high-profile vulnerabilities in MOVEit, Fortra GoAnywhere, and Ivanti products demonstrating how supply chain risks can propagate. These findings further validate that vulnerability management must evolve beyond internal patching strategies.

With VIB, Black Kite is revealing vulnerabilities across the supply chain so that organizations can assess the associated risks and their impact, prioritize the vulnerabilities that need to be mitigated, and engage with their vendors to strengthen their security and the security of the entire supply chain. 

Key benefits and features include:

  • Take control of third-party risks: Detect, assess, and drive vendor response at the speed of real-world threats by bridging the gap between risk intelligence and action to make third-party risk management truly effective.
  • Go beyond CVEs: Gain insights beyond just cataloguing CVEs by discovering how relevant, discoverable, and actionable those vulnerabilities are when it comes to third-party cyber risk.
  • Leverage OSINT: Focus on exploitable vulnerabilities with actionable risk intelligence to move from reactive patching to proactive ecosystem defense through Auto-Scanning for measuring patch management risk, and FocusTagsTM, Black Kite’s new tagging feature that automatically flags vendors who have experienced a data breach, ransomware attack, or other significant cyber incident for rapid response to high-priority threats.

Resources:

  • Meet Black Kite: Request a meeting with our team in San Francisco for the RSA Conference 2025 from Monday, April 28 – Thursday, May 1.
  • Black Kite’s Signature Whiskey Tasting: Join us at this exclusive event, which will be held on April 29 and April 30 from 4-6:00pm PT at the Four Seasons Hotel San Francisco, located at 757 Market Street.
  • To learn more about our events, schedule a demo, or meet with us, please visit: https://blackkite.com/request-a-demo/.
  • Black Kite’s VIB is available now to new and existing customers. For more information about Black Kite’s new features and VIB capabilities, visit our CVE Database.

About Black Kite

Black Kite gives organizations a comprehensive, real-time view into cyber ecosystem risk so they can make informed risk decisions and improve business resilience while continuously monitoring more vendors, partners, and suppliers in an ever-changing digital landscape. Through an automated process, and a combination of threat, business and risk information, Black Kite provides cyber risk intelligence that goes beyond a simple risk score or rating. Black Kite serves more than 3,000 customers in a wide range of industries and has received numerous industry awards and recognition from customers.

Learn more at www.blackkite.com, or on the Black Kite blog.

Media Contact:

Michelle Kearney

Hi-Touch PR

443-857-9468

[email protected]